Cyber Rescue Coaches

Cyber Rescue Coaches give assistance that is tailored to the nature of your attack. 

The five most relevant dimensions of a cyber attack are:

  1. Business Challenge caused by attack
  2. Agent of attack
  3. Vector used for attack
  4. Impact the attack might have on your business, and
  5. Timing of our engagement with you.

Each of these five points is explained below.

1. Business Challenge: it is essential to understand the business challenge caused by any (suspected) cyber attack. For example, consider:

  • Breach - possible breach of Personal Sensitive Info
  • Breach - possible breach of Commercially Sensitive Info
  • Breach - possible compromise of own Bank Accounts
  • Breach - possible compromise of Outgoing Communications
  • Ransom - business interruption, as key Data held Hostage
  • DDoS - business interruption, as online Services Overwhelmed
  • Physical Systems - risk to human health as Machines Hijacked
  • Supplier attacked - risk to Your Supplies & system integrity (a fast growing concern)

2. Agent of Attack: it is natural to wonder who has caused your problem, but it is essential to remember that it can often take months to really find out.

  • Nation State
  • Organised Crime
  • Hacktivist
  • Cracker
  • Script Kiddie
  • Insider (Disgruntled, or Accidental)
  • Competitor
  • Via a supplier

3. Technique used for Attack: there are several ways that an attacker can harm your organisation's reputation, ability to operate normally, and financial health. These include:

  • Account Hijacking: A type of identity theft, where a hacker uses stolen account information such as passwords for unauthorised activity. Can follow a successful phishing attack.
  • APT: An advanced persistent threat is a type of targeted attack. The phrase APT should be reserved for very sophisticated, long-term, state-sponsored attack campaigns. Most organisations won't suffer an APT.
  • Defacement: For example, putting embarrassing content on your web pages. Can follow a successful SQLi attack.
  • DDoS: A Distributed Denial of Service attack aims to overwhelm your systems, which frustrates authorised users and distracts your IT staff. Your ISP or Cloud Hosting provider should be able to assist with your response.
  • DNS Hijacking: This attack redirects users away from the internet address properly associated with a web site domain name, to support crimes such as phishing and pharming.
  • POS Malware: Malicious software written to steal consumer payment data such as credit card details from retail checkout systems.
  • Ransomware: A type of malware that prevents or limits users from accessing their system.
  • SQLi: Structured Query Language injection, for example sending instructions via your own web pages to access your database.
  • Targeted Attack: An attack that has been aimed at a specific organisation. These attacks are relatively uncommon, but can be serious. See APT.
  • Zero Day: An attack that exploits a software flaw that has not previously been published, before organisations have been able to patch it. A successful zero day attack may be used to infiltrate malware.

4. Potential Business Impact

  • If the business impact is expected to be small, it is unlikely that a mid-sized business will want to use heavy-weight expertise.
  • If business impact could be large, (such as on a current M&A activity), and complex to resolve, (such as industrial espionage or malicious insider).

5. Timing of engagement:

  • Pre-breach services, including Risk Assessment and the Health Check.
  • Post-breach services, including first responder Cyber Crisis Coach consultants, and data forensics.